MALICIOUS SOFTWARE – LAWYER

Software is classified as malicious when it contains the commands required to harm a computer system.

The categories of malicious software are the following:

– Virus: A computer virus is a malicious computer program that can replicate itself without user intervention and “infect” the computer without the knowledge or permission of its user. The original virus may modify its copies, or the copies themselves may undergo modification on their own, as occurs with a metamorphic virus. A virus may spread from one computer to others, for instance, when a user transmits the virus over a network or the Internet, or by transferring it on a portable storage medium such as a floppy disk, optical disc, or USB flash drive. Some viruses are designed to cause damage to the computer on which they are installed by destroying its programs, deleting files, or formatting the hard disk. On occasion, they create such damage in a specific sector of the hard disk that recovery of its entire content becomes impossible. Others are not intended to cause any damage but simply announce their presence by displaying text, video, or audio messages on the screen, sometimes quite humorous. However, even these “benign” viruses can create problems for the computer user: they occupy the memory used by normal programs and consequently often cause unstable system behaviour and may lead to a system crash. Furthermore, many viruses are inherently riddled with programming errors that may lead to the collapse of computer systems and the loss of data. Finally, a large proportion of viruses are not intended to destroy the user’s data or harass them, but to steal their personal data or to enrol the targeted computer in some illegal network (botnet) without the user’s consent.

– Trojan Horse: this is malicious software that relies on deception. Software of this kind pretends to be useful for the computer, but in reality criminals use it to steal important files or gain control of the system. In most cases, this software does not aim to infect the computer (that is, it does not replicate), and for that reason these programs are not officially classified as viruses.

– Worm: this is malicious software that can be transmitted directly over a network infrastructure, such as a local area network, or via an e-mail message. Its ability to replicate automatically on the system on which it resides enables it to send out personal data or access codes, so that the attacker can gain access to the network connection. A further negative characteristic is that worms burden the network, loading it with useless activity.

– Rootkit: this is software that may easily belong to any of the above categories. Its particular feature is that it conceals certain malicious programs so that they are not visible to security software. These programs sometimes also protect hackers by erasing the intruder’s information.

FREQUENTLY ASKED QUESTIONS ON MALICIOUS SOFTWARE – LAWYER

1. What sentence is provided for the dissemination of malicious software?

The creation, dissemination, or use of malicious software (viruses, trojans, worms, rootkits) primarily constitutes the offences of unauthorized access to an information system (Article 370B of the Penal Code (PK)), breach of secrecy (Article 370C PK), and damage to computer data (Article 381A PK). Penalties extend to imprisonment of up to five years, while in the felony form, when significant damage is caused or critical infrastructure is targeted, imprisonment may reach ten years. With proper defence, suspension of sentence (Article 99 PK), conversion into a monetary penalty (Article 80 PK), or community service is often achieved, particularly where mitigating circumstances under Article 84 PK are recognised.

2. What do I do if I am arrested for using a trojan or virus?

From the moment of arrest or summons to preliminary examination, the presence of a lawyer is critical. The defendant has the right to remain silent and to access the case file before giving a defence statement. In cybercrime cases, equipment is often seized (computers, hard drives, mobile phones), and digital forensic examination is conducted by the Cybercrime Prosecution Directorate. No response is advisable without prior study of the seizure report and the digital examination findings. Hasty defence statements without legal guidance often result in admissions that prove devastating in the courtroom.

3. How is the Cybercrime Directorate’s digital forensic examination challenged?

Digital forensic examination is not infallible. The chain of custody of the seized media, the data extraction method, the integrity of the hash values, and the possibility of system infection by a third party (e.g. botnet) without the user’s knowledge are all examined. Often the IP identified as the source of the attack belongs to a computer that has itself been infected and is used as an intermediary. Through private technical expert evidence and standalone pleas, the identification of the perpetrator is challenged and the core of the charge is overturned.

4. How long does the criminal procedure for cybercrimes last?

Malicious software cases have a long duration owing to their technical complexity. The preliminary examination and investigation may last from six months to two years, as the digital forensic findings are awaited and judicial assistance from foreign authorities (Europol, Interpol) is often required. The first instance hearing is usually scheduled one to two years after the criminal prosecution is brought. A further two years are added at second instance. The statute of limitations and defects in the case file often work in favour of the defendant.

5. What documents and evidence does the defence require?

The summons or bill of indictment, the arrest and seizure report, the digital forensic findings, the internet service provider logs, as well as any evidence documenting lawful use of the computer or shared access by third parties (family network, corporate environment, open Wi-Fi) are gathered. Antivirus logs proving that the user themselves fell victim to infection are useful, as are documents establishing professional capacity, particularly where the defendant is a security researcher or programmer who worked within a lawful framework (penetration testing).

6. What is the role of the specialised lawyer?

Cybercrime requires a lawyer with technical training, capable of reading digital examination reports, identifying inconsistencies, and collaborating with private experts. The Law Firm ZIAMPARAS D. & ASSOCIATES represents defendants from the preliminary investigation through to the Areios Pagos, develops a defence strategy based on the technical gaps in the case file, raises the appropriate standalone pleas, and seeks the recognition of mitigating circumstances for conversion or suspension of the sentence. The aim is acquittal or the most lenient possible judgment, with respect for the procedural rights of the client.